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SBB accelerates rail service innovation 
with Red Hat Ansible Automation 


The Swiss Federal Railway (SBB) plans to invest close to US$1 billion annually in new and modern- 
ized trains. To support intelligent service devices across more than 100,000 on-board systems, 
SBB centralized and automated device management and development platform using Red Hat 
| Pp SBB CFF FFS ADE Automation and Red Hat Enterprise Linux, supported by Red Hat Satellite- With this 

solution, SBB has reduced device configuration times by 90%, improved the security of its data 
and network, and given developers access to data that will inform new, innovative services for 
railway passengers. 
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“The system we've built 
with Red Hat is a huge 
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test ideas much faster. 
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Creating a modern, intelligent rail network 


Swiss Federal Railways (SBB) is ranked among the world's best railway operators, based on its high 
rate of use, service quality, and safety rating'. In the next few years, SBB plans to invest close to US$1 
billion annually in new and modernized trains to create a smart, safe, and highly efficient rail network. 
For example, new trains will include intelligent features such as dynamic LED information displays, 
digital seat booking systems, CCTV safety monitoring, and WiFi access. 


However, managing the devices supporting these features was difficult due to high volume and a lack 
of central control. 


“Previously, we had to physically go onto every train to manually check, update, or fix each device,” 
said Sacha Berger, System Engineer at SBB. “There was no room for innovation because we had to 
painstakingly deal with each device and their individual suppliers.” 


After connecting all of its trains to a corporate network through 4G LTE mobile routers, SBB sought 
to establish an IT infrastructure that could take advantage of this connection to centrally manage all 
of the intelligent devices across its rail network. In addition, a standardized Internet of Things (loT) 
environment would simplify development and launch of new services across the network. 


“We wanted to give our developers a platform on which they can roll out any type of new application, 
quickly and simply,” said Berger. 


Centralizing a complex device environment 


The rail network sought an open source management platform that was already tested and proven by 
the market and decided to work with Red Hat. “One of the decisive considerations was availability of 
long-term support,” said Berger. “Red Hat was one of the few vendors that could claim ten years of 
support for its operating system.” 


The core of SBB’s updated device environment is Red Hat Enterprise Linux, an enterprise operat- 

ing system that provides a stable, reliable foundation for scaling existing applications and adopting 
emerging technology. Running in this environment, Red Hat Ansible Automation helps SBB auto- 
mate complex deployments and centrally control its IT infrastructure through a visual dashboard 
with features such as role-based access, scheduling, integrated notifications, and graphical inventory 
management. The rail operator used Ansible’s RESTful (Representational State Transfer) application 
programming interface (API) and command-line interface (CLI) to embed it into existing tools 

and processes. 


“We compared Ansible and Puppet, and Ansible proved to be much easier to use to manage and write 
playbooks,” said Berger. 


To manage this infrastructure, SBB uses Red Hat Satellite, a solution specifically designed to keep 
Red Hat Enterprise Linux environments and other Red Hat infrastructure running efficiently and in 
compliance with security and other standards. 


With help from Red Hat Consulting, SBB’s new application environment was operational in just 
three weeks. 


1 “The Great Train Comparison.” Loco2. https://loco2.com/en/blog/great-train-comparison_report 
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“We didn't have much experience with Red Hat solutions, and our use case is rather special. Our 
servers are traveling at 250 kilometers per hour. Unlike in a normal datacenter that can identify a host 
system by its MAC address, we have to use an IP address to connect to our devices across constantly 
changing distances,” said Berger. “The work of Red Hat consultants in figuring how to use Red Hat 
Satellite over high-latency networks was invaluable. There is no way we'd have had everything online 
and operational in that short time frame on our own.” 


SBB has now connected more than 100,000 devices on board 40 trains, with plans to connect up 
to 300 trains by early 2020. “This network will bring results like greater productivity for our IT team, 
fewer bugs, and less dependency on multiple suppliers,” said Berger. 


Speeding feature and security updates with automation 
Reduced configuration times by more than 90% 


By automating its complex, manual device configuration process using Red Hat Ansible Automation, 
SBB has reduced the configuration time for each train from five days to three hours or less—some- 
times as fast as 40 minutes. 


“Once Red Hat Satellite is reachable, we just power up the computer, wait three hours, and it’s all 
done,” said Berger. “We don't have to do anything manually. Deploying the trains’ onboard systems 
is totally automated.” 


As a result of these improvements, SBB can now deploy component hardware to trains without 
needing specialized, proprietary software from the same hardware vendor. These changes have 
already helped the company save time for staff to focus on more valuable service innovation. 
Additionally, the rail operator anticipates long-term reductions in its procurement costs and 
supplier dependency. 


Improved device and data security 


Compared to its previous, manual approach to device installation and management, SBB’s auto- 
mated approach with Red Hat Ansible Automation is more secure and reliable. Central device man- 
agement eliminates the need for individual technicians to physically plug in USB drives to multiple 
trains. Updates are managed by vehicle type, avoiding any fleet-wide service impact, and can even 
be done while a train is in motion. 


“With the old system, updating an application required selecting each recall separately and choos- 
ing which vehicles to apply this software update on,” said Berger. “Now, we can test updates, and roll 
them out into production with Red Hat Ansible Automation.” 


Security controls are built into Red Hat's software to protect sensitive data with role-based access. 
For example, Ansible Automation centralized all access credentials to store SSH (Secure Shell) keys 
or passwords without exposing them to dozens of users across the railway operator. As a result, SBB 
can better protect critical national transportation infrastructure from malicious threats or errors. 


“With Red Hat Enterprise Linux on the trains themselves, a corporate ID is now required to log into the 
system, then the rail host on the vehicle connects via LDAP [Lightweight Directory Access Protocol] 
to our Active Directory server. We can verify if a user is active, valid, and in the right groups to access 
the system,” said Berger. 
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Case study 


Support for continued service innovation 


With a typical lifespan of 40 years for new trains, SBB can use its Red Hat-based platform to con- 
tinuously upgrade service features and stay up-to-date with the latest technology capabilities. For 
example, IT teams can use CCTV or seat booking system data to improve predictive maintenance, 
resulting in higher passenger satisfaction. 


“The system we've built with Red Hat is a huge opportunity to deploy new applications and test ideas 


much faster. Our developers now have access to any of our on-board devices and a huge amount of 
operational and passenger behavioral data to work with,” said Berger. 


Adding more devices to continue improving railway services 


SBB is eager to share the insights from using its new approach and the data collected with other 
national rail operators. “This is not a closed system. We want to spread good ideas with other opera- 
tors and open ourselves up to new ideas,” said Berger. 


The rail operator is planning a dramatic increase in the number of devices, sensors, and data points 
on board its trains to solve new loT challenges and continue improving its services. 


“Once we move to IPv6, the latest version of the communications protocol, we will have every device 


integrated into our corporate network,” said Berger. “The possibilities are limitless because we can 
easily manage all of these connections and continue supporting all of our devices with Red Hat 
Ansible Automation.” 


About Swiss Federal Railways 


Swiss Federal Railways (SBB) is the foundation of the Swiss public transport system. The company 
transports over 1.25 million passengers and 205,000 tons every day. It has 32,300 employees and 
annual revenues in excess of US$9 billion. www.sbb.ch 


About Red Hat 


Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered 
approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. 
Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on 
our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning 
support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner 
o cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can 
help organizations prepare for the digital future. 
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